Week in review - 11 Oct 2019

AusCERT Week in Review for 11th October 2019


In the words of the Beatles, “it’s getting better all the time”. That is, flawed software is always being discovered and fixed.

A cynic might add that flawed software is being created faster than the fix process can keep up.

Microsoft’s monthly Patch Tuesday came and went this week without any major dramas, but popular macOS terminal app iTerm fixed a major RCE thanks to research funded by Mozilla, and D-Link have given up entirely on certain home routers, leaving them open to any botnet which will have them.

Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit
Date: 2019-10-09
Author: The Hacker News

A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac’s built-in terminal app.
Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program and conducted by cybersecurity firm Radically Open Security.
“MOSS selected iTerm2 for a security audit because it processes untrusted data, and it is widely used, including by high-risk targets (like developers and system administrators),” Mozilla says.

‘Hypocritical and ironic’: NSA whistleblower dropped from speaking at Melbourne cybersecurity conference
Date: 2019-10-08
Author: ABC News

A high-profile American whistleblower and a privacy researcher have been unexpectedly dropped from addressing a Government-backed cybersecurity event underway in Melbourne.
Thomas Drake and Dr Suelette Dreyfus of the University of Melbourne were both told their talks were “incongruent” with CyberCon, despite being invited to speak months earlier.
Mr Drake’s presentation was to address national security and surveillance, while Dr Dreyfus planned to explore the use of safe digital drop boxes for anti-corruption whistleblowing.

Beware of Fake Amazon AWS Suspension Emails for Unpaid Bills
Date: 2019-10-09

A billing notice from a vendor, especially one like Amazon, that states that your account has been suspended for unpaid bills, may confuse a user enough to click on the email link.
Attackers are capitalizing on this confusion by sending emails that pretend to be from Amazon AWS Support at postmaster@amazon.com and that use a subject of “Your service has now been suspended”.

D-Link Home Routers Open to Remote Takeover Will Remain Unpatched
Date: 2019-10-07
Author: ThreatPost

D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code.
The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market.
With no patch available, affected users should upgrade their devices as soon as possible.

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers’ Interaction
Date: 2019-10-04
Author: The Hacker News

Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state.
And when we say this, Signal Private Messenger—promoted as one of the most secure messengers in the world—isn’t any exception.
Google Project Zero researcher Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could allow a malicious caller to force a call to be answered at the receiver’s end without requiring his/her interaction.

Australia, US negotiate CLOUD Act data swap pact
Date: 2019-10-08
Author: iTnews

Australian law enforcement and national security agencies are set to have greater access to data held by US-based cloud providers under an agreement being negotiated with the US government.
But the bilateral agreement, if finalised and approved, will also require Australian-based cloud providers to hand over data requested by US law enforcement authorities.

Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches
Date: 2019-10-08
Author: TrendLabs Security Intelligence Blog

October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a Remote Desktop Client vulnerability. The Important bulletins fixed several issues, including NTLM and Microsoft IIS server vulnerabilities.

10 Steps to Assess SOC Maturity in SMBs
Date: 2019-10-07
Author: Dark Reading

Facing a system and organisation controls audit doesn’t have to be stressful for small and midsize businesses if they follow these guidelines.
Preparing for a system and organisation controls (SOC) compliance audit for the first time can be challenging. Many organisations, especially small to midsize businesses (SMBs), underestimate the level of planning and effort that goes into completing a successful SOC audit, adding to their security-related stress.
Without proper preparation, SMBs risk missing milestones and deadlines, which can result in additional fees to complete a SOC audit. Addressing these 10 questions can help an organisation prevent delays, determine their level of preparedness to complete an audit, and hopefully limit unnecessary work and effort from process owners and employees critical to the business.

Yes, MFA Isn’t Perfect. But That’s Not a Reason for Your Company Not to Use It
Date: 2019-10-08
Author: Bitdefender

When computer users and businesses ask me for a single step they could take to dramatically enhance their security, it’s easy to answer: enable multi-factor authentication.
Multi-factor authentication (MFA) offers an additional layer of protection for accounts, which means that even if a criminal manages to phish, guess or crack your password, and even if a data breach spills your login credentials, there’s a very good chance your account won’t be compromised.
Multi-factor authentication is a great way to improve your security from some of the most common attacks that are out there, but that’s not to say it’s perfect.

Stay safe, stay patched and have a good weekend!

Patch the AusCERT cat